Re: Howto refresh IIS 6 Application pool identity credential info



Ken,

FYI, the results of logonsessions.exe (SysInternals)

Logon session 00000000:0327e6da:
User name: DEV\NfnOUser
Auth package: Kerberos
Logon type: Batch
Session: 0
Sid: S-1-5-21-1275210071-688789844-725345543-4792
Logon time: 7/02/2008 7:58:32
Logon server: DEVDC1
DNS Domain: DEV.DIGANT.ANTWERPEN.LOCAL
UPN:

--- application pool stop/start

Logon session 00000000:0327e6da:
User name: DEV\NfnOUser
Auth package: Kerberos
Logon type: Batch
Session: 0
Sid: S-1-5-21-1275210071-688789844-725345543-4792
Logon time: 7/02/2008 7:58:32
Logon server: DEVDC1
DNS Domain: DEV.DIGANT.ANTWERPEN.LOCAL
UPN:

---> nothing changed


--- IISRESET

Logon session 00000000:04efb566:
User name: DEV\NfnOUser
Auth package: Kerberos
Logon type: Batch
Session: 0
Sid: S-1-5-21-1275210071-688789844-725345543-4792
Logon time: 11/02/2008 7:49:36
Logon server: DEVDC1
DNS Domain: DEV.DIGANT.ANTWERPEN.LOCAL
UPN:

---> new logon session (session ID and logon time)

Grtz,

Peter

"Peke" wrote:

Ken,

Thx for the response, but stopping/starting the application pool doesn't help.
It seems that the domain account security is cached at startup of IIS, and
doesn't change until IISRESET is executed. After IISRESET, I see that the
logon time for the account has changed (using sysinternals tool). An
application pool restart doesn't change the credential info.

FYI,
the sysinternal tool shows that it has an authentication package of type
Kerberos and the logon type is Batch. So I think the solution could be found
in "renewing" the Kerberos ticket, but I have no idea how to do that.

IISRESET does the job so the code is somewhere in there :-(.

Kind regards,
Peter

"Ken Schaefer" wrote:

You should just be able to restart the web application pool in question.

Cheers
Ken


"Peke" <peke@xxxxxxxxxxxxx> wrote in message
news:53EA3347-C41F-42CE-964B-7EF6EA321BCA@xxxxxxxxxxxxxxxx
Hi,

We are having problems with the following situation.

If we change security settings for an application pool identity (something
like putting it in a security group (to have NTFS access on a folder,
accessible through a virtual directory in IIS)), the access is only granted
after IISRESET. It's a domain account (I don't know if this is important).
It seems like we have the following scenario:
On start of IIS, all application pool identities are given a logon session.
I can see that using logonsessions.exe from sysinternals.
The logon session is only refreshed/renewed after IISRESET.
Is there a better, less impacting way to get the specific logon session
renewed?

Grtz,

Peter
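
The before/after comparison done by eye in this thread can be scripted. The following is an added example, not part of the original posts: it parses two snapshots of logonsessions-style text and reports whether an account kept its logon session or received a new one. The account name `EXAMPLE\PoolUser` and the session IDs are constructed sample values.

```python
import re

SESSION_RE = re.compile(r"Logon session\s+([0-9a-fA-F]+:[0-9a-fA-F]+):")

def parse_sessions(text):
    """Parse logonsessions-style text into {session_id: {field: value}}."""
    sessions, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = SESSION_RE.search(line)
        if match:
            current = sessions.setdefault(match.group(1).lower(), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip().lower()] = value.strip()
    return sessions

def user_sessions(text, user):
    """Set of (session_id, logon_time) pairs owned by one account."""
    return {(sid, f.get("logon time", ""))
            for sid, f in parse_sessions(text).items()
            if f.get("user name", "").lower() == user.lower()}

def compare(before_text, after_text, user):
    """Report which of the account's sessions were kept, created or dropped."""
    before, after = user_sessions(before_text, user), user_sessions(after_text, user)
    ids = lambda pairs: sorted(sid for sid, _ in pairs)
    return {"kept": ids(before & after), "new": ids(after - before),
            "gone": ids(before - after)}

# Constructed sample snapshots (account name and session IDs are made up).
BEFORE = r"""
Logon session 00000000:0000a1b2:
User name: EXAMPLE\PoolUser
Auth package: Kerberos
Logon type: Batch
Logon time: 7/02/2008 7:58:32
"""
AFTER_POOL_RESTART = BEFORE  # same session ID, same logon time
AFTER_IISRESET = r"""
[3] Logon session 00000000:0000c3d4:
    User name: EXAMPLE\PoolUser
    Logon type: Batch
    Logon time: 11/02/2008 7:49:36
"""

if __name__ == "__main__":
    for label, snap in (("pool restart", AFTER_POOL_RESTART), ("IISRESET", AFTER_IISRESET)):
        print(label, compare(BEFORE, snap, r"EXAMPLE\PoolUser"))
```

An empty `new` list after a change to the account's group membership means the worker process is still running under the old logon session.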


